Removed dependency
parent
db038f7a75
commit
ea026f76e7
17
deps.edn
17
deps.edn
|
@ -1,8 +1,7 @@
|
|||
{:deps
|
||||
{org.clojure/clojure {:mvn/version "1.10.1"}
|
||||
clj-http {:mvn/version "3.10.0"}
|
||||
amperity/vault-clj {:mvn/version "0.7.1"}
|
||||
org.postgresql/postgresql {:mvn/version "42.2.8"}
|
||||
org.postgresql/postgresql {:mvn/version "42.2.9"}
|
||||
com.layerware/hugsql-core {:mvn/version "0.5.1"}
|
||||
com.layerware/hugsql-adapter-next-jdbc {:mvn/version "0.5.1"}
|
||||
digest {:mvn/version "1.4.9"}
|
||||
|
@ -10,11 +9,15 @@
|
|||
;; Logging
|
||||
com.taoensso/timbre {:mvn/version "4.10.0"}
|
||||
com.fzakaria/slf4j-timbre {:mvn/version "0.3.14"}
|
||||
org.slf4j/log4j-over-slf4j {:mvn/version "1.7.14"}
|
||||
org.slf4j/jul-to-slf4j {:mvn/version "1.7.14"}
|
||||
org.slf4j/jcl-over-slf4j {:mvn/version "1.7.14"}}
|
||||
org.slf4j/log4j-over-slf4j {:mvn/version "1.7.29"}
|
||||
org.slf4j/jul-to-slf4j {:mvn/version "1.7.29"}
|
||||
org.slf4j/jcl-over-slf4j {:mvn/version "1.7.29"}}
|
||||
:paths ["src" "resources"]
|
||||
:mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"}
|
||||
"clojars" {:url "https://repo.clojars.org/"}}
|
||||
:aliases {:test {:extra-paths ["test"]
|
||||
:extra-deps {:mockery {:mvn/version "0.1.4"}}}}}
|
||||
:aliases {:outdated {:extra-deps {olical/depot {:mvn/version "1.8.4"}}
|
||||
:main-opts ["-m" "depot.outdated.main" "-a" "outdated"]}
|
||||
:docs {:extra-deps {marginalia {:git/url "https://github.com/zilti/marginalia" :sha "33af53d4848c58aa0e7cfdd76ab23310052816af"}}
|
||||
:main-opts ["-m" "marginalia.core" "-n" "Sompani-Toolbox"]}
|
||||
:test {:extra-paths ["test"]
|
||||
:extra-deps {mockery {:mvn/version "0.1.4"}}}}}
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
server {
|
||||
server_name www.talent.{{company-name}}.{{company-suffix}} talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers;
|
||||
return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri;
|
||||
server_name www.talent.{{company-domain}} talent.{{company-domain}} {{company-name}}.talent.careers;
|
||||
return 301 https://talent.{{company-domain}}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl;
|
||||
server_name www.talent.{{company-name}}.{{company-suffix}};
|
||||
server_name www.talent.{{company-domain}};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem;
|
||||
|
@ -20,13 +20,13 @@ server {
|
|||
ssl_stapling_verify on;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
||||
return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri;
|
||||
return 301 https://talent.{{company-domain}}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl;
|
||||
server_name talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers;
|
||||
server_name talent.{{company-domain}} {{company-name}}.talent.careers;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem;
|
||||
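Review bot: The new `server_name` and `return 301` lines render `{{company-domain}}` straight into nginx directives, and nothing visible in this commit constrains that value, which now comes from an operator-supplied EDN file; a value containing whitespace, `;` or `{` would add names or directives to the generated config. The same unvalidated values also reach the `format`-built `/srv/http` paths and the certbot `-d` arguments in the onboarding namespace, so a single check when the file is loaded (rejecting anything that is not a plain lowercase hostname) would cover all three places. Separately, the unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line and the `DES-CBC3-SHA` entries in `ssl_ciphers` still allow deprecated protocol versions and 3DES; if the deployed nginx and OpenSSL support it, I would propose `ssl_protocols TLSv1.2 TLSv1.3;` and dropping the `*-DES-CBC3-SHA` suites.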
|
|
|
@ -1,9 +1,15 @@
|
|||
(ns com.sompani.onboarding
|
||||
"A tool to automate the onboarding of new VCs.
|
||||
|
||||
This works by providing `-main` with an EDN file containing the keys
|
||||
with the necessary info. The EDN file has to contain a map with the
|
||||
following keys:
|
||||
|
||||
* `:company-name`: the company name as in <company-name>.talent.careers.
|
||||
* `:company-domain`: the company domain name as in talent.<company-domain>."
|
||||
(:require [clojure.java.shell :as sh]
|
||||
[clojure.java.io :as io]
|
||||
[clojure.string :as str]
|
||||
[vault.core :as vault]
|
||||
vault.client.http
|
||||
[clj-http.client :as http]
|
||||
[cljstache.core :as cljstache]
|
||||
[taoensso.timbre :as timbre
|
||||
|
@ -15,8 +21,6 @@
|
|||
(java.nio.file.attribute PosixFileAttributeView
|
||||
FileAttribute)))
|
||||
|
||||
(def vault-client (vault/new-client "http://127.0.0.1:8200"))
|
||||
|
||||
;; # Webserver configuration
|
||||
|
||||
;; ## Deployment directory structure
|
||||
|
@ -35,7 +39,6 @@
|
|||
(let [attrs (Files/getFileAttributeView (.toPath (io/file "/srv/http/www.sompani.com"))
|
||||
PosixFileAttributeView
|
||||
(into-array LinkOption [LinkOption/NOFOLLOW_LINKS]))
|
||||
;; group (.group attrs)
|
||||
owner (.getOwner attrs)
|
||||
fattr (into-array FileAttribute [])]
|
||||
(doseq [dir-str ["/srv/http/staging.%s.talent.careers-cache"
|
||||
|
@ -49,24 +52,24 @@
|
|||
"/srv/http/%s.talent.careers-uploads"
|
||||
"/srv/http/%s.talent.careers.1234"]
|
||||
:let [dir (.toPath (io/file (format dir-str company-name)))]]
|
||||
(Files/createDirectory dir fattr)
|
||||
(set-owner dir owner)
|
||||
;; (set-group dir group)
|
||||
(and
|
||||
(Files/createDirectory dir fattr)
|
||||
(set-owner dir owner))
|
||||
)
|
||||
(let [link (.toPath (io/file (format "/srv/http/staging.%s.talent.careers" company-name)))]
|
||||
(Files/createSymbolicLink link
|
||||
(.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name)))
|
||||
fattr)
|
||||
(set-owner link owner)
|
||||
;; (set-group link group)
|
||||
(and
|
||||
(Files/createSymbolicLink link
|
||||
(.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name)))
|
||||
fattr)
|
||||
(set-owner link owner))
|
||||
)
|
||||
|
||||
(let [link (.toPath (io/file (format "/srv/http/%s.talent.careers" company-name)))]
|
||||
(Files/createSymbolicLink link
|
||||
(.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name)))
|
||||
fattr)
|
||||
(set-owner link owner)
|
||||
;; (set-group link group)
|
||||
(and
|
||||
(Files/createSymbolicLink link
|
||||
(.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name)))
|
||||
fattr)
|
||||
(set-owner link owner))
|
||||
)))
|
||||
|
||||
;; ## nginx configuration
|
||||
|
@ -81,14 +84,14 @@
|
|||
(cljstache/render (slurp in-file) datamap))))
|
||||
|
||||
;; ## Certificates
|
||||
(defn generate-certs! [{:keys [company-name company-suffix] :as datamap}]
|
||||
(defn generate-certs! [{:keys [company-name company-domain] :as datamap}]
|
||||
(info
|
||||
(apply sh/sh (map #(cljstache/render % datamap)
|
||||
["certbot" "certonly" "--nginx"
|
||||
"-d" "staging.{{company-name}}.talent.careers"
|
||||
"-d" "{{company-name}}.talent.careers"
|
||||
"-d" "talent.{{company-name}}.{{company-suffix}}"
|
||||
"-d" "www.talent.{{company-name}}.{{company-suffix}}"
|
||||
"-d" "talent.{{company-domain}}"
|
||||
"-d" "www.talent.{{company-domain}}"
|
||||
"--cert-name" "{{company-name}}"]))))
|
||||
|
||||
;; # DNS configuration
|
||||
|
@ -106,7 +109,7 @@
|
|||
|
||||
(defn make-basic-dns-entries! [{:keys [company-name]}]
|
||||
(let [uri "https://api.cloudflare.com/client/v4/zones/5cd643e7432d7cf69f44e268e32b5452/dns_records"
|
||||
headers {"Authorization" (str "Bearer " (:token (vault/read-secret vault-client "secret/cloudflare-api")))}
|
||||
headers {"Authorization" (str "Bearer " (System/getenv "CLOUDFLARE_API"))}
|
||||
entries (basic-dns-entries company-name)]
|
||||
(debug "Creating DNS entries for" company-name "; Headers: " headers)
|
||||
(doseq [entry entries]
|
||||
|
@ -118,9 +121,7 @@
|
|||
;; # Main initialization
|
||||
|
||||
(defn -main [& args]
|
||||
(let [datamap {:company-name (nth args 0)
|
||||
:company-suffix (nth args 1)}]
|
||||
(vault/authenticate! vault-client :token (System/getenv "VAULT_TOKEN"))
|
||||
(let [datamap (read-string (slurp (nth args 0)))]
|
||||
(info "Creating deploy directories.")
|
||||
(make-dirs! datamap)
|
||||
(info "Creating basic DNS entries.")
|
||||
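Review bot: In the `-main` hunk, `(read-string (slurp (nth args 0)))` parses the input file with `clojure.core/read-string`, which honours `#=` reader-eval forms unless `*read-eval*` is bound to false, so the file can run code rather than just supply data. The namespace docstring calls it an EDN file, so I would add `[clojure.edn :as edn]` to `:require` and use `(edn/read-string (slurp (nth args 0)))`. In the `make-basic-dns-entries!` hunk the unchanged `debug` call still prints `headers`, which now carries the `CLOUDFLARE_API` bearer token into the log; `(debug "Creating DNS entries for" company-name)` keeps the useful part. That hunk also never checks that `(System/getenv "CLOUDFLARE_API")` is non-nil, so a missing variable yields a bare `"Bearer "` header instead of an early, clear failure. Both function bodies continue outside the visible hunks.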
|
|